
Bug#779984: marked as done (unblock: (pre-approval) hivex/1.3.10-2+deb8u1)



Your message dated Sat, 07 Mar 2015 18:52:21 +0000
with message-id <1425754341.12031.23.camel@adam-barratt.org.uk>
and subject line Re: Bug#779984: jessie-pu: package hivex/1.3.10-2+deb8u1
has caused the Debian Bug report #779984,
regarding unblock: (pre-approval) hivex/1.3.10-2+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779984: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779984
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

hivex 1.3.10-2+deb8u1 adds two patches from upstream that fix
CVE-2014-9273 and changes nothing else over 1.3.10-2 currently in
jessie. See the attached debdiff for details.

Cheers,
-Hilko
diff -Nru hivex-1.3.10/debian/changelog hivex-1.3.10/debian/changelog
--- hivex-1.3.10/debian/changelog	2014-06-18 22:48:40.000000000 +0200
+++ hivex-1.3.10/debian/changelog	2015-03-07 15:48:17.000000000 +0100
@@ -1,3 +1,10 @@
+hivex (1.3.10-2+deb8u1) testing-proposed-updates; urgency=medium
+
+  * Added upstream patches that fix CVE-2014-9273 ("missing checks for
+    small-sized files in hivex")
+
+ -- Hilko Bengen <bengen@debian.org>  Sat, 07 Mar 2015 15:40:54 +0100
+
 hivex (1.3.10-2) unstable; urgency=medium
 
   [ Niko Tyni ]
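Review bot: The new changelog entry at the top of debian/changelog says only "Added upstream patches" and does not name them. Listing the two files added under debian/patches (0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch and 0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch) would let someone reading the changelog alone see which checks were backported for CVE-2014-9273. The entry also carries no Closes: reference; add one if a Debian bug tracks this CVE.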
diff -Nru hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch
--- hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch	1970-01-01 01:00:00.000000000 +0100
+++ hivex-1.3.10/debian/patches/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch	2015-03-07 15:38:46.000000000 +0100
@@ -0,0 +1,32 @@
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 30 Oct 2014 13:50:39 +0000
+Subject: handle: Refuse to open files < 8192 bytes in size.
+
+These cannot be valid hives, since they don't contain a full header
+page and at least a single page of data (in other words they couldn't
+contain a root node).
+
+Thanks: Mahmoud Al-Qudsi
+(cherry picked from commit 357f26fa64fd1d9ccac2331fe174a8ee9c607adb)
+---
+ lib/handle.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index 62a8644..a3cbcf7 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -104,6 +104,13 @@ hivex_open (const char *filename, int flags)
+ 
+   h->size = statbuf.st_size;
+ 
++  if (h->size < 0x2000) {
++    SET_ERRNO (EINVAL,
++               "%s: file is too small to be a Windows NT Registry hive file",
++               filename);
++    goto error;
++  }
++
+   if (!h->writable) {
+     h->addr = mmap (NULL, h->size, PROT_READ, MAP_SHARED, h->fd, 0);
+     if (h->addr == MAP_FAILED)
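Review bot: The bare 0x2000 in the new "if (h->size < 0x2000)" check in hivex_open has no comment in the code saying where the value comes from; the reasoning (a full header page plus at least one page of data) lives only in the commit message. A short comment above the check, or a named constant, would keep that rationale next to the code. The diffstat also shows lib/handle.c as the only file changed, so no regression test with an undersized file accompanies the check.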
diff -Nru hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch
--- hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch	1970-01-01 01:00:00.000000000 +0100
+++ hivex-1.3.10/debian/patches/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch	2015-03-07 15:38:46.000000000 +0100
@@ -0,0 +1,28 @@
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 30 Oct 2014 14:02:25 +0000
+Subject: handle: Check that pages do not extend beyond the end of the file.
+
+Thanks: Mahmoud Al-Qudsi
+(cherry picked from commit 4bbdf555f88baeae0fa804a369a81a83908bd705)
+---
+ lib/handle.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index a3cbcf7..3a8f09b 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -247,6 +247,13 @@ hivex_open (const char *filename, int flags)
+       goto error;
+     }
+ 
++    if (off + page_size > h->size) {
++      SET_ERRNO (ENOTSUP,
++                 "%s: page size %zu at 0x%zx extends beyond end of file, bad registry",
++                 filename, page_size, off);
++      goto error;
++    }
++
+     /* Read the blocks in this page. */
+     size_t blkoff;
+     struct ntreg_hbin_block *block;
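Review bot: The added bounds check "if (off + page_size > h->size)" in hivex_open performs the addition before the comparison, and the format string (%zu for page_size, %zx for off) shows both operands are size_t, so on a platform where size_t is 32 bits a large enough page_size could wrap the sum and pass the check. Writing it as a subtraction, "page_size > h->size - off", avoids the wrap, assuming off never exceeds h->size at this point (the loop bounds are outside the hunk). Unlike the first patch, the commit message here has no body explaining what goes wrong without the check; one sentence would help.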
diff -Nru hivex-1.3.10/debian/patches/series hivex-1.3.10/debian/patches/series
--- hivex-1.3.10/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ hivex-1.3.10/debian/patches/series	2015-03-07 15:38:46.000000000 +0100
@@ -0,0 +1,2 @@
+0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch
+0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch

--- End Message ---
--- Begin Message ---
On Sat, 2015-03-07 at 18:12 +0100, Hilko Bengen wrote:
> Control: tag -1 -moreinfo
> * Adam D. Barratt:
> 
> >> hivex 1.3.10-2+deb8u1 adds two patches from upstream that fix
> >> CVE-2014-9273 and changes nothing else over 1.3.10-2 currently in
> >> jessie. See the attached debdiff for details.
> >
> > I'd prefer "jessie" as the target distribution, 
> 
> dput-ng seems to want to prevent me from using anything but
> testing-proposed-updates.

Odd.

> > but in any case, please go ahead and remove the "moreinfo" tag once
> > the package has been accepted.
> 
> Done.

Unblocked.

Regards,

Adam

--- End Message ---
